undefined | Better HN

0 pointsosy5y ago0 comments

Boot Guard is not implemented on most (all?) self built machines and a lot of pre-builts as well. But even if it is enabled, UEFI variables are not protected at all. You can disable Secure Boot just by overwriting UEFI variables and then boot any arbitrary code from USB.

0 comments

mjg595y ago

Which will change the measurements in PCR7, which is a detectable event that will break Bitlocker unsealing.

j / k navigate · click thread line to collapse

0 pointsosy5y ago0 comments

Boot Guard is not implemented on most (all?) self built machines and a lot of pre-builts as well. But even if it is enabled, UEFI variables are not protected at all. You can disable Secure Boot just by overwriting UEFI variables and then boot any arbitrary code from USB.

0 comments

mjg595y ago

Which will change the measurements in PCR7, which is a detectable event that will break Bitlocker unsealing.

j / k navigate · click thread line to collapse